You Can Hack Fitbits and Smart Phones Using Sound, Researchers Say

It’s possible to hack technology including Fitbits, smart phones and smart watches using sound waves, new research suggests.

Computer science and engineering students and professors at the University of Michigan and the University of South Carolina have been studying the accelerometers and other motion sensors found in consumer devices that are designed to measure specific environmental signals, for example acceleration.

The researchers discovered that it is possible to spoof various environmental stimuli using acoustics. In a laboratory, Timothy Trippel, a computer science and engineering PHD student at the University of Michigan, created an automatic system that would allow him to spoof acceleration using sound waves at different frequencies.

He was able to attack a MEMS (Micro Electro Mechanical Sensor) accelerometer in a smart phone running an application that was steering an remote controlled car, as well as spoof thousands of steps on a Fitbit without ever taking a single step.

[youtube https://www.youtube.com/watch?v=Dfc3jZkcnLU&w=560&h=315]

“We were able to not only disable systems with acceleration sensors but we could control their output in a way that would alter the behavior of systems that use these devices,” he said.

Trippel added that the researchers were not trying to exploit vulnerabilities for the sake of causing harm, “but rather for the sake of improving the safety and reliability of the systems that we use everyday that contain vulnerable devices.”

Kevin Fu, associate professor of computer science and engineering at the University of Michigan, explained in the report that the team has since discovered how to create software that can defend against many of these acoustic interference attacks. “We hope that the industry will be able to use our software techniques to retrofit security into their already-deployed products,” he said. “Once we can solve a lot of these problems in analogue cyber security, we believe consumers will have more trust in emerging devices.”